Answered by:

"Append these DNS Suffixes" not available.

Question

I have Windows 7 Professional 32-bit and 64-bit on home computers. I would like to be able to connect to the VPN at my office and use connection specifix DNS suffixes for the VPN connections. Under Windows XP you could simply add the additional connection suffixes to the Advanced options for the network connection properties. However, under Windows 7 this option is unavailable.

This solution HAS NOT WORKED for me. The ability to append DNS Suffixes remains greyed out for all accept the default LAN connection.

My home machines are NOT on a domain and are simply workgrouped. I do not wish to join my home machines to the company's domain as I do not wish to have all of the GPOs apply.

Is there some additional configuration or some other way to have connection specific DNS suffixes apply to my VPN connections? There are a considerable amount of sub-domains and resources that I have to work with so a host file would become unwieldly quickly. It seems ridiculous to me that this functionality can't be enabled, so I must just not be checking the right boxes or something.

Same question, but in relation to Win7 Home Premium. I need to access our work VPN which requires a DNS suffix be added and I am unable to. Since there is no group policy management - no gpedit console (or any local user or group management whatsoever, so I just found out) am I SOL? I would think it's rather rediculous that I can not connect to a VPN which is, in part, the entire purpose of said VPN, from HOME with an OS with the name 'HOME' in it.

My only concern with this solution and the others I've seen from Microsoft is that they are not per-connection solutions. Adding in the search suffixes either in a GPO or the Registry seems to be equivalent to adding them in to the primary connection's search suffix fields. In essence making these suffixes apply to all connections and not specifically called/utilized when a VPN/Secondary connection is active.

As you may imagine, there can be cases when these search suffixes may provide inconsistent and inaccurate results when private intranet suffixes are applied to the public internet (name collisions, lack of split horizon DNS resources). I understand the security concerns around split tunneling, but am I to understand that versions of Windows moving forward will be without per connection suffix inclusion and we are forced to using one set of suffixes for all connections?

Generally we consider that the DNS Suffix will be provided by your default gateway. I fully understand your concern. This was a change since Windows Vista as we know. Now I cannot tell you if we need to work with it in every later operation systems. We will report your concern to our proper department.

Generally we consider that the DNS Suffix will be provided by your default gateway. I fully understand your concern. This was a change since Windows Vista as we know. Now I cannot tell you if we need to work with it in every later operation systems. We will
report your concern to our proper department.

Hmmm, the last link in Montago's post above ("apparently it can be solved") does NOT work for me using Win8. I'm using a Win8 Pro 64-bit system at home (workgroup based), with a standard Microsoft PPTP VPN to my office (domain based).

Not sure why Microsoft has changed the rules of engagement, but it sure sucks that there is no way to override the "greyed out" feature. An ongoing reminder, in case anyone forgets, of the arrogance that is Microsoft.

As (one of) the domain administrators at work I have been similarly frustrated by the converse problem, namely that the Windows DHCP servers will not allow sending a DNS search list (using the standard DHCP options for that purpose), with the rationale that
"some Windows clients cannot utilize that information". So we can no longer add a search list to the client, and we cannot add it to the server because some (really old I presume) Microsoft clients can't use the information. Totally Brilliant!

Another issue here is when you try to configure IPV4 the error "In order to configure TCP/IP you must install and enable a network adapter card" I have reinstalled my network card over and over, I can configure a search list one time then next
reboot same error and my search list is broken... on a win8 surface pro. Setting the search list in GPedit.msc would not work but in regedit tcpip parameters the searchlist with the domains you want searched worked for me.

Note: Comma separated no spaces seems to work after a reboot. Also this was for searching several domains with no VPN.

The OS assumes you want to be connected to Microsoft at all times with very little care about domains and users, just move to the cloud your data is safe with us.